If the server sending the email to FastMail supports it, it will enable an SSL/TLS connection and send the email to FastMail over an encrypted connection. Some extra notes:

At the moment, this only affects the sending of email from another
server to FastMail, not from FastMail to another server,
though we are looking into this

We can't force a remote server to use encryption, it's up to the
remote server to detect that we support it and then enable it before
sending the email

This is not full end-to-end encryption of the email. The email is
only encrypted during transit from the other server to us, once at
our side, it's stored unencrypted again. For full end-to-end
encryption, you need something likePGP

Encrypted connections have extra headers added to the email so you
can see the transmission was encrypted. An example: